Menu
Grafana Cloud Data configuration Logs Collect logs with Promtail
Grafana Cloud

Collect logs with Promtail

The Grafana Cloud stack includes a logging service powered by Grafana Loki, a Prometheus-inspired log aggregation system. This means that you are not required to run your own Loki environment, though you can ship logs to Grafana Cloud using Promtail or another supported client if you maintain a self-hosted Loki environment. If you want to use the Grafana Agent instead of Promtail to send logs, see Collect logs with Grafana Agent.

Before you begin

To follow the steps in this guide, you need the following:

Install Promtail

Promtail is an agent that ships the contents of local logs to a private Grafana Loki instance or Grafana Cloud. It is usually deployed to every machine that has applications needed monitoring.

Promtail primarily:

  • Discovers targets.
  • Attaches labels to log streams.
  • Pushes them to the Loki instance.

Currently, Promtail can tail logs from two sources: local log files and the systemd journal (on AMD64 machines only).

For the options available to install Promtail, see Install Promtail.

Configure Promtail to send logs

There are two options described in this guide for configuring Promtail:

  • Send logs from a standalone host
  • Send logs from a Kubernetes cluster

Option 1: Send logs from a standalone host

To create a Promtail configuration file for sending logs from a standalone host:

  1. Log in to your managed Grafana Cloud environment and select the lightning bolt icon from the left-hand menu for Integrations and Connections.

  2. On the main Integrations and Connections page, click Custom data and select Hosted logs.

  3. Select the option for a standalone host and name the API key that this integration will use:

    logs_promtail_config

    This generates the details needed to create the configuration file. The example below is a Linux YAML file called config.yaml and saved in /etc/promtail/.

    server:
  http_listen_port: 0
  grpc_listen_port: 0

positions:
  filename: /tmp/positions.yaml

client:
  url: https://$InstanceID:$GrafanaCloudAPIKey@$logs-endpoint.grafana.net/api/prom/push

scrape_configs:
- job_name: system
  static_configs:
  - targets:
      - localhost
    labels:
      job: varlogs
      __path__: /var/log/*.log

Option 2: Send logs from a Kubernetes cluster

To create a Promtail configuration file for sending logs from a Kubernetes cluster:

  1. Log in to your managed Grafana Cloud environment and select the lightning bolt icon from the left-hand menu for Integrations and Connections.

  2. On the main Integrations and Connections page, click Custom data and select Hosted logs.

  3. Select the option for a Kubernetes cluster and name the API key that this integration will use:

    k8slogs_promtail_config

    This will generate the details needed to create the configuration file, using the following format:

    curl -fsS https://raw.githubusercontent.com/grafana/loki/main/tools/promtail.sh | sh -s <$InstanceID> <$Your Grafana Cloud API Key> $Your logs-endpoint.grafana.net default | kubectl apply --namespace=default -f  -

Confirm logs are being ingested into Grafana Cloud

Within several minutes, logs should begin to be available in Grafana Cloud. To test this, use the Explore feature.

To confirm that logs are being sent to Grafana Cloud:

  1. Click the compass Explore icon from the left sidebar menu to start.

    This takes you to the Explore page.

  2. At the top of the page, use the dropdown menu to select your Loki logs data source. This should be named grafanacloud-$yourstackname-logs.

    The following image shows the Log browser dropdown to find the labels for logs being ingested to your Grafana Cloud environment.

    Explore_Log_Browser_labels

    If no log labels appear, logs are not being collected. If labels are listed, this confirms that logs are being received.

  3. If logs are not displayed after several minutes, ensure Promtail is running and check your steps for typos. See the Troubleshooting Promtail guide for troubleshooting tips.

In addition to the Log browser dropdown, the Explore user interface also supports autocomplete options:

Explore_Log_Browser_autocomplete

Following is another example of other operators and parsers available. For more details about querying log data, see LogQL: Log query language.

Explore_Log_Browser_autocomplete_more

Query logs and create panels

Once you have Promtail up and running on your log source, give it some time to start collecting logs. Eventually, you will be able to query logs and create panels inside dashboards using Loki as a data source.

Querying logs is done using LogQL which can be used in both Explore and when creating dashboard panels.

For examples and feature showcases, check out play.grafana.org for ideas and inspiration.